EP1573552A1 - Method and system for alternatively activating a replaceable hardware unit - Google Patents
Method and system for alternatively activating a replaceable hardware unitInfo
- Publication number
- EP1573552A1 EP1573552A1 EP03767595A EP03767595A EP1573552A1 EP 1573552 A1 EP1573552 A1 EP 1573552A1 EP 03767595 A EP03767595 A EP 03767595A EP 03767595 A EP03767595 A EP 03767595A EP 1573552 A1 EP1573552 A1 EP 1573552A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- hardware unit
- data processing
- replaceable hardware
- functional capabilities
- processing system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 230000003213 activating effect Effects 0.000 title claims abstract description 9
- 238000004590 computer program Methods 0.000 claims description 5
- 238000004519 manufacturing process Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000010367 cloning Methods 0.000 description 1
- 239000013256 coordination polymer Substances 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
Definitions
- the present invention generally relates to configurable data processing systems. Particularly, the present invention relates to a method and system for alternatively activating a replaceable hardware unit of a first or a second type, providing a predetermined set of functional capabilities to a data processing system, whereby said data processing system is being configured to allow selectively electronically enabling of at least a subset of said functional capabilities.
- a data processing system is first manufactured having a predetermined set of functional characteristics.
- a multibit alterable code which includes a functional characteristic definition is then initially loaded into physically secure, nonvolatile memory within the data processing system, utilizing an existing bus, or a fusible link which may be opened after loading is complete.
- the functional characteristic definition is loaded from nonvolatile memory into a nonscannable register within a secure portion of a control logic circuit each time power is applied to the data processing system and the definition is then utilized to enable only selected functional characteristics.
- Entering a security code which matches one of a number of preloaded codes and an encoded alternate functional characteristic definition, may thereafter selectively enable alternate functional characteristics.
- the alternate functional characteristic definition may be enabled on a one-time, metered, or regularly scheduled basis and variable capability data processing systems may be implemented in this manner utilizing a single manufactured system, without the necessity of manufacturing and storing multiple data processing system models.
- a computer system having configuration data stored therein further includes an identifier for uniquely identifying the computer system.
- a copy of the stored configuration data is encoded via an encoding method, which uses the identifier, and the encoded configuration data is encrypted via an encryption method, which uses a private key.
- the encrypted configuration data is decrypted via a decryption method using a public key producing a decrypted result.
- the decrypted result may either be decoded using the identifier and compared to the stored configuration data or alternatively the stored configuration data may be encoded using the identifier and compared to the decrypted result.
- the object of the present invention is to provide an improved method and system for alternatively activating replaceable hardware units of different types.
- a method and a system for alternatively activating, in a data processing system, a replaceable hardware unit of a first or a second type, providing a predetermined set of functional capabilities, whereby said data processing system is being configured to allow selectively electronically enabling of at least a subset of said functional capabilities.
- a replaceable hardware unit is provided to the data processing system. Then, the type of the provided replaceable hardware unit gets determined. Then, if the provided replaceable hardware unit is of the first type, the subset of functional capabilities to be electronically enabled is determined and, subsequently, enabled. Alternatively, if said provided replaceable hardware unit is of the second type, the entire functional capabilities of said provided replaceable hardware unit are enabled, instead.
- an identification may be retrieved from said provided replaceable hardware unit and compared with a reference value in order to determine the type.
- the identification may be formed by a specific signal pattern retrieved from said provided replaceable hardware unit.
- the data processing unit comprises a smart chip and the step of determining the subset of functional capabilities to be electronically enabled is performed using said smart chip.
- the data processing unit comprises encoded and encrypted configuration data and the step of determining the subset of functional capabilities to be electronically enabled is performed using said configuration data.
- Fig. 1 shows a schematic block diagram illustrating a data processing system containing a replaceable hardware unit in accordance with the present invention, which may be utilized to implement the method of the present invention
- Fig. 2 shows a flow chart illustrating a method for alternatively activating a replaceable hardware unit according to the present invention.
- FIG. 1 there is depicted a schematic block diagram illustrating a data processing system 100 containing a replaceable hardware unit 110 in accordance with the present invention, which may be utilized to implement the method of the present invention.
- a memory card forms the replaceable hardware unit.
- the data processing system 100 includes a computer 104, which is coupled to an operator console 106 in a manner well known in the art.
- a computer 104 which is coupled to an operator console 106 in a manner well known in the art.
- Many of the high level components within computer 104 are depicted within FIG. 1, including a portion 108 for receiving the replaceable hardware unit 110, such as a slot for receiving the memory card, which serves as the main electronic storage within computer 104, and a central electronics complex 112 is also depicted.
- central electronics complex 112 may include multiple multi-chip modules which serve to perform the various functions of the central electronic complex, or alternately, central electronics complex 112 may be provided with a single high density circuit and including integrated circuit devices equivalent to several million transistors.
- a service processor 114 is provided and is preferably coupled between operator console 106 and central electronics complex 112 to provide access to the functions and circuitry therein.
- a power supply 116 and input/output channels 118 are also typically provided in such a computer system, as those skilled in the art will appreciate. Input/output channels 118 are preferably utilized to access various direct access storage devices (DASD) , such as diskette or tape storage devices, or printers, terminals or similar devices .
- DASD direct access storage devices
- central electronics complex 112 In a modern mainframe computer such as the International Business Machines Corporation System/390 the central electronics complex typically includes four or more multi-chip modules, which serve to address various functions within a central electronics complex. As illustrated within FIG. 1, central electronics complex 112 includes an SC module 122, which preferably serves to buffer and control the flow of data between main store realized on the replaceable unit 110, input/output module 124 and the various processors within computer 104. Input/output module 124 preferably serves to control and buffer data between input/output channels 118 and the main store in a manner well known in the art.
- SC module 122 which preferably serves to buffer and control the flow of data between main store realized on the replaceable unit 110, input/output module 124 and the various processors within computer 104.
- Input/output module 124 preferably serves to control and buffer data between input/output channels 118 and the main store in a manner well known in the art.
- B module 126 is provided to buffer and control instructions and data for the processor and CP module 128 serves to execute instructions within computer 104.
- each of these multi-chip modules 122, 124, 126 and 128 constitutes a highly complex electronic module which may include more than one hundred integrated circuit devices, each equivalent to thousands or millions of transistors .
- the replaceable hardware unit 110 in the present implementation forming the main store of the computer 104, includes a storage place for keeping an identifier 130, which can be read by the service processor 114 also functioning as a control unit for determining the type of the provided replaceable hardware unit.
- the identifier 130 may be stored as part of a memory controller chip present on the memory card. Alternatively, the identifier 130 may be retrieved via the functional path directly from the central electronic complex 112.
- Different cards e.g., cards from different manufacturers, may have different identifiers. It is acknowledged that in order to implement the present invention, one type of cards, e.g., cards from the same manufacturer preferably have the same identifier.
- the control unit i.e., the service processor 114, may read out the identifier. In order to provide higher security, the control unit may alternatively be implemented in the central electronic complex and the identifier may be read out via the functional (in band) path.
- the replaceable hardware unit 110 may have a plurality of functional capabilities, a first functional capability 132 and a second functional capability 134, which may selectively electronically be enabled, if the respective hardware unit 110 is particularly adapted to provide such feature.
- the functional capabilities may, in the case of a memory card, be formed by a plurality of memory portions that may individually be activated.
- the first functional capability 132 may implement a first memory portion
- the second functional capability 134 may implement a second memory portion, which may independently be activated.
- control unit here formed by the service processor 114, is configured to access configuration data 136.
- the configuration data 136 may be kept in a data store in encoded form.
- a replaceable hardware unit is provided (block 202), e.g., a memory card may be inserted into a respective memory card slot of a computer system.
- a replaceable hardware unit may be determined (block 204) .
- the type of the replaceable hardware unit may be dependent on the manufacturer of the unit and/or other features.
- the type of the replaceable hardware unit may distinguish a first type allowing selectively electronically enabling of a subset of functional capabilities provided by the unit, and a second type of those replaceable hardware units not allowing such feature.
- the type preferably gets determined by reading out an identifier, e.g., formed by a specific signal pattern retrieved from said replaceable hardware unit.
- the evaluation of the type leads to block 208, if a second type replaceable hardware card has been determined, and to block 210, if a first type replaceable hardware card has been determined. It is acknowledged that also a first group of identifiers may correspond to the first type and a second group of identifiers different from those of the first group may correspond to the second type.
- a data processing system is first manufactured having a predetermined set of functional characteristics.
- a multibit alterable code which includes a functional characteristic definition is then initially loaded into physically secure, nonvolatile memory within the data processing system, utilizing an existing bus, or a fusible link which may be opened after loading is complete.
- the functional characteristic definition is loaded from nonvolatile memory into a nonscannable register within a secure portion of a control logic circuit each time power is applied to the data processing system and the definition is then utilized to enable only selected functional characteristics.
- Entering a security code which matches one of a number of preloaded codes and an encoded alternate functional characteristic definition, may thereafter selectively enable alternate functional characteristics.
- the alternate functional characteristic definition may be enabled on a one-time, metered, or regularly scheduled basis and variable capability data processing systems may be implemented in this manner utilizing a single manufactured system, without the necessity of manufacturing and storing multiple data processing system models.
- this functionality may be implemented in accordance with the teaching of US 5,982,899, according to which data that is expressive of the configuration of a computer system is encrypted during manufacturing of the computer system.
- Using an identifier which is assigned to the computer system or a component thereof during manufacturing, does this.
- the manufacturer of the computer system only knows the private key, which is used for the encryption of the encoded data.
- the RSA cryptosystem preferably is used for encryption of the encoded data.
- the identifier can for example simply be added to the data.
- For decoding the identifier is subtracted later on from the encoded data.
- the DES method can be used whereby the identifier of the computer system is employed as a secret key.
- the encrypted data can be stored in any kind of storage device of the computer system, for example on an EPROM or on a diskette.
- the encrypted data can already be stored in the computer system during manufacturing. However, it is also possible to transmit the encrypted data to the computer system via a telephone line, ISDN or other telecommunication means when the computer system is already installed at the customer.
- the encrypted data is used for verifying the configuration. This serves to protect the computer system against unauthorized changes of its configuration. This can be a requirement for technical reasons or can serve as asset protection for the manufacturer of the computer system.
- the first step for verifying the configuration is to receive the encrypted data. This is accomplished by reading the encrypted data from the storage device of the computer system on which the encrypted data has been stored during manufacturing or by receiving the encrypted data via a telecommunications link directly from the manufacturer. Thereafter the encrypted data is decrypted, preferably using a public key of the RSA cryptosystem. This yields the decoded data, which has been encoded by means of the identifier.
- the identifier is available in the computer system, preferably in electronically readable form.
- the identifier In order to prevent the cloning of the computer system with another computer system having another identifier, the identifier has to be unchangeable. If the private and the public key match and if the same identifier is used for the encoding and decoding of the data then this yields the data, which is expressive of the configuration of the computer system stored during manufacturing.
- the configuration data of the computer system is also stored on a storage device of the computer system in unencoded form. These configuration data are compared to the decoded data. If there is a match between the decoded data and the unencoded configuration data this means that the customer is authorized to use this configuration of the computer system.
- this method for verifying of the configuration is carried out by means of microcode every time the computer system is booted.
- the determined subset of functional capabilities such as the amount of memory present on a memory card, is enabled (block 212) , before the method ends (block 214) .
- the present invention can be realized in hardware, software, or a combination of hardware and software. Any kind of computer system - or other apparatus adapted for carrying out the methods described herein - is suited.
- a typical combination of hardware and software could be a general- purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.
- the present invention can also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which - when loaded in a computer system - is able to carry out these methods.
- Computer program means or computer program in the present context mean any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following a) conversion to another language, code or notation; b) reproduction in a different material form.
Abstract
The present invention provides a method and a system for alternatively activating, in a data processing system, a replaceable hardware unit of a first or a second type, providing a predetermined set of functional capabilities, whereby said data processing system is being configured to allow selectively electronically enabling of at least a subset of said functional capabilities. Initially a replaceable hardware unit is provided to the data processing system. Then, the type of the provided replaceable hardware unit gets determined. Then, if the provided replaceable hardware unit is of the first type, the subset of functional capabilities to be electronically enabled is determined and, subsequently, enabled. Alternatively, if said provided replaceable hardware unit is of the second type, the entire functional capabilities of said provided replaceable hardware unit are enabled, instead.
Description
D E S C R I P T I O N
Method And System For Alternatively Activating A Replaceable Hardware Unit
Background of the Invention
1. Field of the Invention
The present invention generally relates to configurable data processing systems. Particularly, the present invention relates to a method and system for alternatively activating a replaceable hardware unit of a first or a second type, providing a predetermined set of functional capabilities to a data processing system, whereby said data processing system is being configured to allow selectively electronically enabling of at least a subset of said functional capabilities.
2. Description of the Related Art
While the multiple models, variations and capabilities of modern computers represent a wide variety of choices to the consumer, the concomitant requirement that multiple variations and models of such computers be manufactured and stocked represents a substantial burden to computer manufacturers. Each existing model, variable functional characteristic or capability of a computer represents a large number of different systems, subassemblies and components, which must be manufa'ctured and stocked to maintain customer satisfaction. In order to permit a wide variety of functional characteristics to be implemented within a single computer system, variations in functional characteristics within such a computer system have been suggested that renders it unnecessary to physically or mechanically manipulate the respective computer system.
US 5,553,144 by Frank A. Almquist et al . , assigned to International Business Corporation, Armonk, NY, US, filed Mar. 7, 1995, issued Sep. 3, 1996, "Method And System For Selectively Altering Data Processing System Functional Characteristics Without Mechanical Manipulation", discloses a method and system for selectively altering the functional characteristics of a data processing system without physical or mechanical manipulation.. A data processing system is first manufactured having a predetermined set of functional characteristics. A multibit alterable code which includes a functional characteristic definition is then initially loaded into physically secure, nonvolatile memory within the data processing system, utilizing an existing bus, or a fusible link which may be opened after loading is complete. The functional characteristic definition is loaded from nonvolatile memory into a nonscannable register within a secure portion of a control logic circuit each time power is applied to the data processing system and the definition is then utilized to enable only selected functional characteristics. Entering a security code, which matches one of a number of preloaded codes and an encoded alternate functional characteristic definition, may thereafter selectively enable alternate functional characteristics. The alternate functional characteristic definition may be enabled on a one-time, metered, or regularly scheduled basis and variable capability data processing systems may be implemented in this manner utilizing a single manufactured system, without the necessity of manufacturing and storing multiple data processing system models.
US 5,982,899 by Jurgen Probst, assigned to International Business Machines Corporation, Armonk, NY, US, filed Aug. 11, 1995, issued Nov. 9, 1999, "Method For Verifying The
Configuration The Computer System" teaches a method for verification of configuration data which is expressive of the configuration of a computer system. A computer system having configuration data stored therein, further includes an identifier for uniquely identifying the computer system. A copy of the stored configuration data is encoded via an encoding method, which uses the identifier, and the encoded configuration data is encrypted via an encryption method, which uses a private key. Subsequently, the encrypted configuration data is decrypted via a decryption method using a public key producing a decrypted result. The decrypted result may either be decoded using the identifier and compared to the stored configuration data or alternatively the stored configuration data may be encoded using the identifier and compared to the decrypted result.
Such measures omitting the need of physical or mechanical manipulations of computer systems in order to modify their functional characteristics may lead to compatibility issues related to replaceable hardware units, such as I/O-cards, memory cards and graphic cards .
Object of the Invention
Starting from this, the object of the present invention is to provide an improved method and system for alternatively activating replaceable hardware units of different types.
Brief Summary of the Invention
The foregoing object is achieved by a method and a system as laid out in the independent claims . Further advantageous embodiments of the present invention are described in the sub
claims and are taught in the following description.
According to the present invention a method and a system is provided for alternatively activating, in a data processing system, a replaceable hardware unit of a first or a second type, providing a predetermined set of functional capabilities, whereby said data processing system is being configured to allow selectively electronically enabling of at least a subset of said functional capabilities. Initially a replaceable hardware unit is provided to the data processing system. Then, the type of the provided replaceable hardware unit gets determined. Then, if the provided replaceable hardware unit is of the first type, the subset of functional capabilities to be electronically enabled is determined and, subsequently, enabled. Alternatively, if said provided replaceable hardware unit is of the second type, the entire functional capabilities of said provided replaceable hardware unit are enabled, instead.
Preferably, an identification may be retrieved from said provided replaceable hardware unit and compared with a reference value in order to determine the type. The identification may be formed by a specific signal pattern retrieved from said provided replaceable hardware unit.
In a preferred implementation the data processing unit comprises a smart chip and the step of determining the subset of functional capabilities to be electronically enabled is performed using said smart chip. Alternatively, the data processing unit comprises encoded and encrypted configuration data and the step of determining the subset of functional capabilities to be electronically enabled is performed using said configuration data.
Brief Description of the Several Views of the Drawings
The above, as well as additional objectives, features and advantages of the present invention, will be apparent in the following detailed written description.
The novel features of the invention are set forth in the appended claims. The invention itself, however, as well as a preferred mode of use, further objectives, and advantages thereof, will best be understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying drawings, wherein:
Fig. 1 shows a schematic block diagram illustrating a data processing system containing a replaceable hardware unit in accordance with the present invention, which may be utilized to implement the method of the present invention; and
Fig. 2 shows a flow chart illustrating a method for alternatively activating a replaceable hardware unit according to the present invention.
Detailed Description of the Invention
With reference to Fig. 1, there is depicted a schematic block diagram illustrating a data processing system 100 containing a replaceable hardware unit 110 in accordance with the present invention, which may be utilized to implement the method of the present invention. In the presented case a memory card forms the replaceable hardware unit.
s illustrated, the data processing system 100 includes a
computer 104, which is coupled to an operator console 106 in a manner well known in the art. Many of the high level components within computer 104 are depicted within FIG. 1, including a portion 108 for receiving the replaceable hardware unit 110, such as a slot for receiving the memory card, which serves as the main electronic storage within computer 104, and a central electronics complex 112 is also depicted. As will be explained in greater detail herein, central electronics complex 112 may include multiple multi-chip modules which serve to perform the various functions of the central electronic complex, or alternately, central electronics complex 112 may be provided with a single high density circuit and including integrated circuit devices equivalent to several million transistors. A service processor 114 is provided and is preferably coupled between operator console 106 and central electronics complex 112 to provide access to the functions and circuitry therein. A power supply 116 and input/output channels 118 are also typically provided in such a computer system, as those skilled in the art will appreciate. Input/output channels 118 are preferably utilized to access various direct access storage devices (DASD) , such as diskette or tape storage devices, or printers, terminals or similar devices .
Still referring to FIG. 1, the high level segments of central electronics complex 112 are illustrated. In a modern mainframe computer such as the International Business Machines Corporation System/390 the central electronics complex typically includes four or more multi-chip modules, which serve to address various functions within a central electronics complex. As illustrated within FIG. 1, central electronics complex 112 includes an SC module 122, which preferably serves to buffer and control the flow of data
between main store realized on the replaceable unit 110, input/output module 124 and the various processors within computer 104. Input/output module 124 preferably serves to control and buffer data between input/output channels 118 and the main store in a manner well known in the art. Similarly, B module 126 is provided to buffer and control instructions and data for the processor and CP module 128 serves to execute instructions within computer 104. As those skilled in the art will appreciate, each of these multi-chip modules 122, 124, 126 and 128 constitutes a highly complex electronic module which may include more than one hundred integrated circuit devices, each equivalent to thousands or millions of transistors .
The replaceable hardware unit 110, in the present implementation forming the main store of the computer 104, includes a storage place for keeping an identifier 130, which can be read by the service processor 114 also functioning as a control unit for determining the type of the provided replaceable hardware unit. The identifier 130 may be stored as part of a memory controller chip present on the memory card. Alternatively, the identifier 130 may be retrieved via the functional path directly from the central electronic complex 112.
Different cards, e.g., cards from different manufacturers, may have different identifiers. It is acknowledged that in order to implement the present invention, one type of cards, e.g., cards from the same manufacturer preferably have the same identifier. The control unit, i.e., the service processor 114, may read out the identifier. In order to provide higher security, the control unit may alternatively be implemented in the central electronic complex and the identifier may be read
out via the functional (in band) path.
The replaceable hardware unit 110 may have a plurality of functional capabilities, a first functional capability 132 and a second functional capability 134, which may selectively electronically be enabled, if the respective hardware unit 110 is particularly adapted to provide such feature. However, the present invention advantageously allows using also replaceable hardware units, which are compatible to be used with the computer 104, but which are not equipped with the feature of partially enabled functional capabilities. The functional capabilities may, in the case of a memory card, be formed by a plurality of memory portions that may individually be activated. In other words, the first functional capability 132 may implement a first memory portion and the second functional capability 134 may implement a second memory portion, which may independently be activated.
In order to correctly activate the provided functional capabilities of the replaceable hardware unit, the control unit, here formed by the service processor 114, is configured to access configuration data 136. The configuration data 136 may be kept in a data store in encoded form.
With reference now to Fig. 2, there is depicted a flow chart illustrating a method for alternatively activating a replaceable hardware unit according to the present invention starting at block 200. Initially a replaceable hardware unit is provided (block 202), e.g., a memory card may be inserted into a respective memory card slot of a computer system. On start-up of the computer system or any time during its operation the type of the hardware unit may be determined (block 204) . As aforementioned, the type of the replaceable
hardware unit may be dependent on the manufacturer of the unit and/or other features.
The type of the replaceable hardware unit may distinguish a first type allowing selectively electronically enabling of a subset of functional capabilities provided by the unit, and a second type of those replaceable hardware units not allowing such feature. However, the type preferably gets determined by reading out an identifier, e.g., formed by a specific signal pattern retrieved from said replaceable hardware unit.
The evaluation of the type (block 206) leads to block 208, if a second type replaceable hardware card has been determined, and to block 210, if a first type replaceable hardware card has been determined. It is acknowledged that also a first group of identifiers may correspond to the first type and a second group of identifiers different from those of the first group may correspond to the second type.
For all replaceable hardware of the second type the entire functionality is enabled (block 208) . For all replaceable hardware of the first type, however, it is determined which functional capability of replaceable hardware is to be enabled. This may, e.g., be done as described in US 5,553,144 or US 5,982,899, which are incorporated herewith by reference.
According to the teaching of US 5,553,144 a data processing system is first manufactured having a predetermined set of functional characteristics. A multibit alterable code which includes a functional characteristic definition is then initially loaded into physically secure, nonvolatile memory within the data processing system, utilizing an existing bus, or a fusible link which may be opened after loading is
complete. The functional characteristic definition is loaded from nonvolatile memory into a nonscannable register within a secure portion of a control logic circuit each time power is applied to the data processing system and the definition is then utilized to enable only selected functional characteristics. Entering a security code, which matches one of a number of preloaded codes and an encoded alternate functional characteristic definition, may thereafter selectively enable alternate functional characteristics. The alternate functional characteristic definition may be enabled on a one-time, metered, or regularly scheduled basis and variable capability data processing systems may be implemented in this manner utilizing a single manufactured system, without the necessity of manufacturing and storing multiple data processing system models.
Alternatively, this functionality may be implemented in accordance with the teaching of US 5,982,899, according to which data that is expressive of the configuration of a computer system is encrypted during manufacturing of the computer system. Using an identifier, which is assigned to the computer system or a component thereof during manufacturing, does this. The manufacturer of the computer system only knows the private key, which is used for the encryption of the encoded data. The RSA cryptosystem preferably is used for encryption of the encoded data. For encoding the data by means of the identifier, the identifier can for example simply be added to the data. For decoding the identifier is subtracted later on from the encoded data. Also the DES method can be used whereby the identifier of the computer system is employed as a secret key.
The encrypted data can be stored in any kind of storage device
of the computer system, for example on an EPROM or on a diskette. The encrypted data can already be stored in the computer system during manufacturing. However, it is also possible to transmit the encrypted data to the computer system via a telephone line, ISDN or other telecommunication means when the computer system is already installed at the customer.
Once the encrypted data is stored on a storage device of the computer system, the encrypted data is used for verifying the configuration. This serves to protect the computer system against unauthorized changes of its configuration. This can be a requirement for technical reasons or can serve as asset protection for the manufacturer of the computer system. The first step for verifying the configuration is to receive the encrypted data. This is accomplished by reading the encrypted data from the storage device of the computer system on which the encrypted data has been stored during manufacturing or by receiving the encrypted data via a telecommunications link directly from the manufacturer. Thereafter the encrypted data is decrypted, preferably using a public key of the RSA cryptosystem. This yields the decoded data, which has been encoded by means of the identifier. The identifier is available in the computer system, preferably in electronically readable form.
In order to prevent the cloning of the computer system with another computer system having another identifier, the identifier has to be unchangeable. If the private and the public key match and if the same identifier is used for the encoding and decoding of the data then this yields the data, which is expressive of the configuration of the computer system stored during manufacturing. The configuration data of the computer system is also stored on a storage device of the
computer system in unencoded form. These configuration data are compared to the decoded data. If there is a match between the decoded data and the unencoded configuration data this means that the customer is authorized to use this configuration of the computer system.
Preferably, this method for verifying of the configuration is carried out by means of microcode every time the computer system is booted. Alternatively, it is also possible to encode the configuration data, which is stored in an encoded form in the computer system and to compare the encoded data with the encoded configuration data.
Finally, the determined subset of functional capabilities, such as the amount of memory present on a memory card, is enabled (block 212) , before the method ends (block 214) .
The present invention can be realized in hardware, software, or a combination of hardware and software. Any kind of computer system - or other apparatus adapted for carrying out the methods described herein - is suited. A typical combination of hardware and software could be a general- purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein. The present invention can also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which - when loaded in a computer system - is able to carry out these methods.
Computer program means or computer program in the present context mean any expression, in any language, code or notation, of a set of instructions intended to cause a system
having an information processing capability to perform a particular function either directly or after either or both of the following a) conversion to another language, code or notation; b) reproduction in a different material form.
Claims
1. A method, in a data processing system, for alternatively activating a replaceable hardware unit of a first or a second, type, providing a predetermined set of functional capabilities, whereby said data processing system is being configured to allow selectively electronically enabling of at least a subset of said functional capabilities, the method comprising the steps of: providing a replaceable hardware unit to said data processing system, determining the type of the provided replaceable hardware unit, determining the subset of functional capabilities to be electronically enabled and electronically enabling the determined subset of functional capabilities, if said provided replaceable hardware unit is of the first type, and enabling the entire functional capabilities of said provided replaceable hardware unit, if said provided replaceable hardware unit is of the second type.
2. The method according to claim 1, wherein the step of determining the type of the provided replaceable hardware unit includes the steps of: retrieving an identification from said provided replaceable hardware unit and comparing said identification with a reference value.
3. The method according to claim 2 , wherein said identification is formed by a specific signal pattern retrieved from said provided replaceable hardware unit.
4. The method according to claim 2 or 3 , wherein said replaceable hardware unit is formed by a memory card.
5. The method according to claim 4, wherein said memory card comprises a memory controller chip and said identification is read out by the service processor via the central electronic complex.
6. The method according to one of the preceding claims, wherein said data processing unit comprises a smart chip and the step of determining the subset of functional capabilities to be electronically enabled is performed using said smart chip.
7. The method according to one of the claims 1 to 5 , wherein said data processing unit comprises an encoded and encrypted configuration data and the step of determining the subset of functional capabilities to be electronically enabled is performed using said configuration data.
8. A data processing system having a plurality of hardware units providing a predetermined set of functional capabilities, whereby said data processing system is being configured to allow selectively electronically enabling of at least a subset of said functional capabilities, the system comprising: a portion for receiving a replaceable hardware unit, a control unit for determining the type of the provided replaceable hardware unit, whereby said control unit is being configured to determine the subset of functional capabilities to be electronically enabled and electronically to enable the determined subset of functional capabilities, if said provided replaceable hardware unit is of the first type, and to enable the entire functional capabilities of said provided replaceable hardware unit, if said provided replaceable hardware unit is of the second type.
9. The data processing system according to claim 8, wherein said control unit is adapted to retrieve an identification from said provided replaceable hardware unit and to compare said identification with a reference value.
10. The data processing system according to claim 9, wherein said identification is formed by a specific signal pattern.
11. The data processing system according to claim 9 or 10, wherein said portion for receiving a replaceable hardware unit is formed by a slot for receiving a memory card.
12. The data processing system according to claim 11, wherein said control unit is configured to communicate with a memory controller chip located on an external memory card, when said external memory card is present in the receiving portion and to receive said identification.
13. The data processing system according to one of the preceding claims, wherein said data processing unit comprises a smart chip and said control unit is adapted to determine the subset of functional capabilities to be electronically enabled by using said smart chip.
14. The data processing system according to one of the claims 8 to 12, wherein said data processing unit comprises a storage device holding encoded and encrypted configuration data and said control unit is adapted to determine the subset of functional capabilities to be electronically enabled by using said configuration data stored in said storage device.
15. A computer program product stored on a computer usable medium, comprising computer readable program means for causing a computer to perform a method according to anyone of the preceding claims 1 to 7.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| EP03767595A EP1573552B1 (en) | 2002-12-20 | 2003-11-21 | Method and system for alternatively activating a replaceable hardware unit |
| US11/156,934 US7464260B2 (en) | 2002-12-20 | 2005-06-20 | Method for alternatively activating a replaceable hardware unit |
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| EP02102851 | 2002-12-20 | ||
| EP02102851 | 2002-12-20 | ||
| PCT/EP2003/013073 WO2004057477A1 (en) | 2002-12-20 | 2003-11-21 | Method and system for alternatively activating a replaceable hardware unit |
| EP03767595A EP1573552B1 (en) | 2002-12-20 | 2003-11-21 | Method and system for alternatively activating a replaceable hardware unit |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| EP1573552A1 true EP1573552A1 (en) | 2005-09-14 |
| EP1573552B1 EP1573552B1 (en) | 2007-09-05 |
Family
ID=34828519
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| EP03767595A Expired - Lifetime EP1573552B1 (en) | 2002-12-20 | 2003-11-21 | Method and system for alternatively activating a replaceable hardware unit |
Country Status (2)
| Country | Link |
|---|---|
| US (1) | US7464260B2 (en) |
| EP (1) | EP1573552B1 (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2004057477A1 (en) * | 2002-12-20 | 2004-07-08 | International Business Machines Corporation | Method and system for alternatively activating a replaceable hardware unit |
| US7114015B2 (en) * | 2003-09-03 | 2006-09-26 | Seagate Technology Llc | Memory card having first modular component with host interface wherein the first modular is replaceable with a second modular component having second host interface |
| US7409477B2 (en) * | 2003-09-03 | 2008-08-05 | Hewlett-Packard Development Company, L.P. | Memory card having a processor coupled between host interface and second interface wherein internal storage code provides a generic interface between host interface and processor |
| CN101223508B (en) * | 2005-07-12 | 2010-05-26 | 国际商业机器公司 | Method and system for reconfiguring functional capabilities in a data processing system |
| US8078326B2 (en) * | 2008-09-19 | 2011-12-13 | Johnson Controls Technology Company | HVAC system controller configuration |
Family Cites Families (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5598577A (en) * | 1991-12-26 | 1997-01-28 | Dell Usa, L.P. | Computer system with automatic drive model ID recognition and drive type adaptation |
| US5553144A (en) * | 1993-03-11 | 1996-09-03 | International Business Machines Corporation | Method and system for selectively altering data processing system functional characteristics without mechanical manipulation |
| US6721817B1 (en) * | 1997-01-21 | 2004-04-13 | Dell Usa, L.P. | Original equipment manufacturer identification for configurable electronic hardware |
| US6820157B1 (en) * | 1998-06-30 | 2004-11-16 | International Business Machines Corporation | Apparatus, program product and method of replacing failed hardware device through concurrent maintenance operation |
| US6725346B1 (en) | 2000-04-04 | 2004-04-20 | Motorola, Inc. | Method and apparatus for overlaying memory in a data processing system |
| JP3927761B2 (en) * | 2000-07-31 | 2007-06-13 | 株式会社ソニー・コンピュータエンタテインメント | Electronic device communication system and electronic device communication method |
| US20020108009A1 (en) * | 2000-12-29 | 2002-08-08 | Michele Borgatti | Electronic system having modular expansion function facilities |
| JP4370063B2 (en) * | 2001-06-27 | 2009-11-25 | 富士通マイクロエレクトロニクス株式会社 | Semiconductor memory device control device and semiconductor memory device control method |
| US6965949B1 (en) * | 2001-09-06 | 2005-11-15 | Dell Products L.P. | Computing system and method for accessing a computer-readable medium device |
| US6993643B2 (en) * | 2001-12-03 | 2006-01-31 | International Business Machines Corporation | Method and system of dynamic video driver selection on a bootable CD via symbolic links |
| WO2004057477A1 (en) | 2002-12-20 | 2004-07-08 | International Business Machines Corporation | Method and system for alternatively activating a replaceable hardware unit |
-
2003
- 2003-11-21 EP EP03767595A patent/EP1573552B1/en not_active Expired - Lifetime
-
2005
- 2005-06-20 US US11/156,934 patent/US7464260B2/en not_active Expired - Lifetime
Non-Patent Citations (1)
| Title |
|---|
| See references of WO2004057477A1 * |
Also Published As
| Publication number | Publication date |
|---|---|
| US20050268162A1 (en) | 2005-12-01 |
| US7464260B2 (en) | 2008-12-09 |
| EP1573552B1 (en) | 2007-09-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP0787328B1 (en) | Method for verifying the configuration of a computer system | |
| EP0707270B1 (en) | Method and apparatus for validating system operation | |
| US5442645A (en) | Method for checking the integrity of a program or data, and apparatus for implementing this method | |
| US5530753A (en) | Methods and apparatus for secure hardware configuration | |
| US5365587A (en) | Self modifying access code for altering capabilities | |
| US7702908B2 (en) | Tamper resistant module certification authority | |
| US9088418B2 (en) | System and method for updating read-only memory in smart card memory modules | |
| US20030014643A1 (en) | Electronic apparatus and debug authorization method | |
| US20060289658A1 (en) | Processor circuit and method of allocating a logic chip to a memory chip | |
| US5553144A (en) | Method and system for selectively altering data processing system functional characteristics without mechanical manipulation | |
| JPH087780B2 (en) | Data carrier for storing and processing data | |
| WO1999038078A1 (en) | Storage device, encrypting/decrypting device, and method for accessing nonvolatile memory | |
| US8041938B2 (en) | Alternatively activating a replaceable hardware unit | |
| US7464260B2 (en) | Method for alternatively activating a replaceable hardware unit | |
| JPH0440587A (en) | Portable electronic equipment | |
| CN111199023A (en) | Key system and decryption method of MCU program | |
| CN112199740B (en) | Encryption lock implementation method and encryption lock | |
| US20030236989A1 (en) | Secure software customization for smartcard | |
| JPH09102020A (en) | Ic card terminal | |
| US20060265578A1 (en) | Detection of a sequencing error in the execution of a program | |
| US5901285A (en) | Hierarchical erasure key protection for computer system data | |
| EP0268140B1 (en) | Hardware cartridge representing verifiable, use-once authorization | |
| JP2000259801A (en) | Memory device for ic card with initialization function | |
| JPH0916740A (en) | Portable information recording medium and method for writings/reading information to/from the same | |
| CA2295887A1 (en) | Method of loading commands in the security module of a terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
| 17P | Request for examination filed |
Effective date: 20050329 |
|
| AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR |
|
| AX | Request for extension of the european patent |
Extension state: AL LT LV MK |
|
| DAX | Request for extension of the european patent (deleted) | ||
| GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
| RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION |
|
| GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
| GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
| AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR |
|
| REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
| REG | Reference to a national code |
Ref country code: CH Ref legal event code: NV Representative=s name: PETER M. KLETT Ref country code: CH Ref legal event code: EP |
|
| REF | Corresponds to: |
Ref document number: 60316183 Country of ref document: DE Date of ref document: 20071018 Kind code of ref document: P |
|
| REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
| ET | Fr: translation filed | ||
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20070905 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20071216 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CH Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20070905 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20070905 Ref country code: LI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20070905 |
|
| NLV1 | Nl: lapsed or annulled due to failure to fulfill the requirements of art. 29p and 29m of the patents act | ||
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20070905 |
|
| REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20070905 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20071206 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20070905 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20080206 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20070905 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20071205 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20070905 Ref country code: MC Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20071130 |
|
| PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20070905 |
|
| 26N | No opposition filed |
Effective date: 20080606 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20071121 |
|
| REG | Reference to a national code |
Ref country code: GB Ref legal event code: 746 Effective date: 20081017 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20070905 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20070905 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20070905 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20071121 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20071205 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20080306 Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20070905 |
|
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20101203 Year of fee payment: 8 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IT Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20071130 |
|
| REG | Reference to a national code |
Ref country code: FR Ref legal event code: ST Effective date: 20120731 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20111130 |
|
| REG | Reference to a national code |
Ref country code: DE Ref legal event code: R082 Ref document number: 60316183 Country of ref document: DE Representative=s name: KUISMA, SIRPA, FI |
|
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20221125 Year of fee payment: 20 Ref country code: DE Payment date: 20220922 Year of fee payment: 20 |
|
| P01 | Opt-out of the competence of the unified patent court (upc) registered |
Effective date: 20230423 |
|
| REG | Reference to a national code |
Ref country code: DE Ref legal event code: R071 Ref document number: 60316183 Country of ref document: DE |
|
| REG | Reference to a national code |
Ref country code: GB Ref legal event code: PE20 Expiry date: 20231120 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GB Free format text: LAPSE BECAUSE OF EXPIRATION OF PROTECTION Effective date: 20231120 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GB Free format text: LAPSE BECAUSE OF EXPIRATION OF PROTECTION Effective date: 20231120 |